US20150207807A1 - Method and device for anti-virus scanning - Google Patents

Method and device for anti-virus scanning

Info

Publication number
US20150207807A1
Authority
US
United States
Prior art keywords
file, files, disk, scan, virus
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US14/419,275
Other versions
US9325736B2 (en
Inventor
Yibin Guo
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority claimed from CN201310008632.8A (CN103927479B)
Application filed by Tencent Technology Shenzhen Co Ltd
Assigned to TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED: assignment of assignors interest (see document for details). Assignors: GUO, Yibin
Publication of US20150207807A1
Application granted
Publication of US9325736B2
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568 Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02 Addressing or allocation; Relocation
    • G06F12/08 Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/0802 Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
    • G06F12/0866 Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches for peripheral storage systems, e.g. disk cache
    • G06F12/0868 Data transfer between cache memory and other subsystems, e.g. storage devices or host systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/31 Providing disk cache in a specific location of a storage system
    • G06F2212/314 In storage network, e.g. network attached cache
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/46 Caching storage objects of specific type in disk cache
    • G06F2212/463 File

Definitions

  • FIG. 1 is a flowchart of a method for anti-virus scanning according to one embodiment of the invention. The method comprises the following steps.
  • Step S101: when performing an anti-virus scan operation on at least one file in a disk, recording information of the at least one file and information of a disk section having a read/write operation during the anti-virus scan operation.
  • The information of each of the at least one file comprises a file type and hash data of the file. The file type is used to classify files and to compile statistics on the disk sections having read/write operations for files of the respective types; the hash data of the file is used to check the correctness and integrity of the file.
  • The information of each of the at least one file may further comprise, without limitation, other file attributes, such as the version number, whether the file is shelled or unshelled, and whether it is compressed or uncompressed.
  • Step S102: analyzing the information of the at least one file and the information of the disk section having the read/write operation, and obtaining a cache reference section.
  • Step S103: loading one or more files in the cache reference section into a memory, and reading the loaded one or more files in the memory to scan when receiving an anti-virus scan request.
  • A cache reference section is thus obtained, so that at the next scan the at least one file in the cache reference section can be pre-loaded into a memory. Cache data can therefore be identified, and the efficiency of anti-virus scanning can be improved.
  • FIG. 2 is a flowchart of a method for anti-virus scanning according to another embodiment of the invention. The method comprises the following steps.
  • Step S201: recording, when performing an anti-virus scan operation on at least one file in a disk, information of the at least one file and information of a disk section having a read/write operation.
  • Step S202: classifying all files according to their file types.
  • For files of different types, the disk sections that have read/write operations normally differ.
  • For example, the disk section having a read/write operation for a picture file differs from the one for a compressed file. Performing the same operation on files of different types would affect the correctness of the subsequent analysis and calculation of the cache reference section.
  • Step S203: for files of different types, selecting cache files according to at least one of file popularity, a reading attribute of the anti-virus engine, and unhitted cache data reported by a terminal.
  • The file popularity is high when a file is frequently used, and low when a file is rarely used.
  • For a file with high file popularity, the corresponding disk section having read/write operations usually needs to be considered preferentially, while a file with low file popularity may not need to be added to the cache.
  • High-popularity files should be admitted with priority.
  • A popularity threshold may be preset to indicate the frequency of use of a file within a preset duration. When its file popularity reaches the popularity threshold, a file is judged to be a high-popularity file.
  • The reading attribute of an anti-virus engine may be the frequencies with which the anti-virus engine reads the respective sections of the disk. For example, some anti-virus engines frequently read a certain section of a disk, and the data in this section can therefore be added to the cache reference section.
  • For unhitted cache data, the corresponding section can also be added to the cache reference section when it is reported by a terminal.
  • Step S204: combining disk sections having read/write operations corresponding to the cache files to obtain the cache reference section.
  • Step S205: loading one or more files in the cache reference section into a memory, and reading the loaded one or more files in the memory to scan when receiving an anti-virus scan request.
  • In this way, the disk sections having read/write operations that correspond to frequently used files can be obtained.
  • A cache reference section obtained by combining these sections can have a relatively high hit rate. As a result, the efficiency of anti-virus scanning can be improved while the storage pressure on the memory is decreased.
  • FIG. 3 is a flowchart of a method for anti-virus scanning according to yet another embodiment of the invention. The method comprises the following steps.
  • Step S301: recording, when performing an anti-virus scan operation on at least one file in a disk, information of the at least one file and information of a disk section having a read/write operation.
  • Step S302: classifying all files according to their file types.
  • Step S303: for files of different types, selecting cache files according to at least one of file popularity, a reading attribute of the anti-virus engine, and unhitted cache data reported by a terminal.
  • Step S304: combining disk sections having read/write operations corresponding to the cache files to obtain the cache reference section.
  • Step S305: judging whether a file capacity in the cache reference section exceeds a preset threshold.
  • Step S306: performing an anti-virus scan operation on files in the cache reference section, recording information of the files and information of disk sections having read/write operations during the anti-virus scan operation, and analyzing the information of the files and the information of the disk sections having the read/write operations during the anti-virus scan operation, until the file capacity in the cache reference section meets the requirement of the preset threshold.
  • This embodiment provides a method for further compressing the cache reference section.
  • A more appropriate cache reference section can be obtained by repeating the analysis until the file capacity in the cache reference section meets the requirement of the preset threshold. In this way, the efficiency of anti-virus scanning can be improved without affecting the overall performance of the system.
  • Step S307: loading one or more files in the cache reference section into a memory, and reading the loaded one or more files in the memory to scan when receiving an anti-virus scan request.
  • FIG. 4 is a flowchart of a method for anti-virus scanning according to yet another embodiment of the invention. The method comprises the following steps.
  • Step S401: recording, when performing an anti-virus scan operation on at least one file in a disk, information of the at least one file and information of a disk section having a read/write operation.
  • Step S402: classifying all files according to their file types.
  • Step S403: for files of different types, selecting cache files according to at least one of file popularity, a reading attribute of the anti-virus engine, and unhitted cache data reported by a terminal.
  • Step S404: combining disk sections having read/write operations corresponding to the cache files to obtain the cache reference section.
  • Step S405: judging whether a file capacity in the cache reference section exceeds a preset threshold.
  • Step S406: performing an anti-virus scan operation on files in the cache reference section, recording information of the files and information of disk sections having read/write operations during the anti-virus scan operation, and analyzing the information of the files and the information of the disk sections having the read/write operations during the anti-virus scan operation, until the file capacity in the cache reference section meets the requirement of the preset threshold.
  • Step S407: loading one or more files in the cache reference section into the memory, and judging whether there exists a to-be-scanned file in the memory when receiving the anti-virus scan request.
  • Step S408: reading the to-be-scanned file directly from the disk to scan, recording information of the to-be-scanned file and information of a disk section having a read/write operation during the scan on the to-be-scanned file, and combining the disk section having the read/write operation during the scan on the to-be-scanned file into the cache reference section.
  • The cache reference section can be further improved by judging whether the to-be-scanned file exists in the memory. If it does not, the to-be-scanned file is read directly from the disk and scanned; meanwhile, the disk section having a read/write operation that corresponds to the unhitted file is combined into the cache reference section in a parallel adding manner. If the file capacity in the cache reference section exceeds the preset threshold, some rarely used files in the cache reference section may be deleted, with the file type, the file popularity, and the reading attribute of the anti-virus engine as references, so as to keep the section size appropriate.
  • Step S409: reading directly from the memory and performing an anti-virus scan operation.
  • FIG. 5 is a structure diagram of a device for anti-virus scanning according to yet another embodiment of the invention.
  • The device comprises: an anti-virus scanning unit 100, a recording unit 200, a processing unit 300 and a caching unit 400.
  • The anti-virus scanning unit 100 is configured to perform an anti-virus scan operation on at least one file in a disk; the recording unit 200 is configured to record, when the anti-virus scanning unit 100 performs an anti-virus scan operation on at least one file in a disk, information of the at least one file and information of a disk section having a read/write operation during the anti-virus scan operation; the processing unit 300 is configured to analyze the information of the at least one file and the information of the disk section having the read/write operation and obtain a cache reference section; and the caching unit 400 is configured to load one or more files in the cache reference section into a memory, and read the loaded one or more files in the memory to scan when receiving an anti-virus scan request.
  • FIG. 6 is a structure diagram of a device for anti-virus scanning according to yet another embodiment of the invention.
  • The device comprises: an anti-virus scanning unit 100, a recording unit 200, a processing unit 300 and a caching unit 400.
  • The processing unit 300 comprises: a classifying sub-unit 310, a selecting sub-unit 320, and a combining sub-unit 330.
  • The classifying sub-unit 310 is configured to classify all files according to their file types; the selecting sub-unit 320 is configured to select, for files of different types, cache files according to at least one of file popularity, a reading attribute of the anti-virus engine, and unhitted cache data reported by a terminal; the combining sub-unit 330 is configured to combine disk sections having read/write operations corresponding to the cache files to obtain a cache reference section. The file popularity is high if the file is frequently used, and low if the file is rarely used.
  • The reading attribute of the anti-virus engine may be the frequencies with which the anti-virus engine reads the respective sections of the disk.
  • FIG. 7 is a structure diagram of a device for anti-virus scanning according to yet another embodiment of the invention.
  • The device comprises: an anti-virus scanning unit 100, a recording unit 200, a processing unit 300, a caching unit 400 and a first judging unit 500.
  • The first judging unit 500 is configured to judge whether a file capacity in the cache reference section exceeds a preset threshold, after the combining sub-unit 330 combines disk sections having read/write operations corresponding to the cache files to obtain a cache reference section. If the file capacity exceeds the preset threshold, it instructs the anti-virus scanning unit 100 to perform an anti-virus scan operation on at least one file in the cache reference section, instructs the recording unit 200 to record information of the at least one file and information of a disk section having a read/write operation during the anti-virus scan operation on the at least one file, and instructs the processing unit 300 to analyze the information of the at least one file and the information of the disk section having the read/write operation during the anti-virus scan operation on the at least one file, until the file capacity in the cache reference section meets the requirement of the preset threshold.
  • FIG. 8 is a structure diagram of a device for anti-virus scanning according to yet another embodiment of the invention.
  • The device comprises: an anti-virus scanning unit 100, a recording unit 200, a processing unit 300, a caching unit 400, a first judging unit 500, and a second judging unit 600.
  • The second judging unit 600 is configured to load one or more files in the cache reference section into the memory, and judge whether there exists a to-be-scanned file in the memory when the anti-virus scanning unit 100 receives an anti-virus scan request. If the to-be-scanned file does not exist in the memory, it instructs the anti-virus scanning unit 100 to read the to-be-scanned file directly from a disk to scan, instructs the recording unit 200 to record information of the to-be-scanned file and information of a disk section having a read/write operation during the scan on the to-be-scanned file, and instructs the processing unit 300 to combine the disk section having the read/write operation during the scan on the to-be-scanned file into the cache reference section.
  • Exemplary embodiments of the present invention may have the following benefits.
  • A cache reference section is obtained by recording and analyzing information of at least one file and information of a disk section having a read/write operation during an anti-virus scan operation on the at least one file. So, when scanning next time, the at least one file in the cache reference section can be pre-loaded into a memory. Thus, cache data can be identified, and the efficiency of anti-virus scanning can be improved.
  • By classifying files to select proper cache files according to file popularity, a reading attribute of the anti-virus engine, and unhitted cache data reported by a terminal, the range of the cache reference section can be compressed, and the hit rate of cache files can be raised.
  • Moreover, by judging whether the file capacity of the cache reference section is appropriate so as to compress the cache reference section repeatedly, the memory storage pressure can be reduced, and the efficiency of anti-virus scanning can be increased without affecting the process performance.
  • When a cache file is unhitted, the section corresponding to the unhitted cache file may be combined into the cache reference section. Therefore, the cache reference section can be further improved, and the hit rate of cache files can be enhanced.
  • The program may be stored in a computer-readable storage medium. When executed, the program may perform the processes of the above-mentioned method embodiments.
  • The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), etc.
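
The flow of steps S401 to S409, as an added Python sketch (not code from the patent): it records file information and disk sections during a scan, selects cache files per file type by popularity, merges their sections into the cache reference section, trims it to the preset capacity, and on a miss combines the missed file's section into it. The in-memory disk model, the class and function names, the per-type popularity thresholds, the least-popular-first eviction used for compression, and the test signature string are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # harmless stand-in for a virus signature

# Constructed sample disk: path -> (file type, disk section read, content, uses)
SAMPLE_DISK = {
    "a.exe": ("exe", (0, 40), b"MZ clean", 9),
    "b.exe": ("exe", (40, 70), b"MZ " + SIGNATURE, 7),
    "c.zip": ("zip", (200, 260), b"PK clean", 8),
    "d.jpg": ("jpg", (500, 520), b"JFIF clean", 9),
}

@dataclass
class FileInfo:
    file_type: str   # classifies the file (S402)
    digest: str      # hash data of the file, checked before a cached copy is trusted
    section: tuple   # (start, end) disk section read during the scan, end exclusive
    uses: int        # file popularity: uses within the preset duration

def merge_sections(sections):
    """S404: combine overlapping or adjacent disk sections."""
    merged = []
    for start, end in sorted(sections):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

class CachedScanner:
    def __init__(self, disk, capacity_limit, default_threshold=5, type_thresholds=None):
        self.disk = disk
        self.capacity_limit = capacity_limit          # preset threshold of S405
        self.default_threshold = default_threshold    # popularity threshold
        self.type_thresholds = type_thresholds or {}  # per-type override (assumption)
        self.records = {}         # path -> FileInfo recorded during scans
        self.cache_files = set()  # files whose sections form the cache reference section
        self.memory = {}          # path -> preloaded content
        self.disk_reads = 0

    def _scan_from_disk(self, path):
        """S401 / S408: scan from disk, recording file info and the section read."""
        file_type, section, data, uses = self.disk[path]
        self.disk_reads += 1
        digest = hashlib.sha256(data).hexdigest()
        self.records[path] = FileInfo(file_type, digest, section, uses)
        return SIGNATURE in data

    def reference_section(self):
        return merge_sections(self.records[p].section for p in self.cache_files)

    def _compress(self):
        """S405/S406, simplified: evict the least popular file until capacity fits."""
        while sum(end - start for start, end in self.reference_section()) > self.capacity_limit:
            victim = min(self.cache_files, key=lambda p: (self.records[p].uses, p))
            self.cache_files.discard(victim)
            self.memory.pop(victim, None)

    def full_scan(self):
        """S401-S406: scan every file once, then derive the cache reference section."""
        verdicts = {path: self._scan_from_disk(path) for path in self.disk}
        for path, info in self.records.items():
            # S402/S403: the popularity needed for selection depends on the file type
            needed = self.type_thresholds.get(info.file_type, self.default_threshold)
            if info.uses >= needed:
                self.cache_files.add(path)
        self._compress()
        return verdicts

    def preload(self):
        """First half of S407: load the files of the reference section into memory."""
        for path in sorted(self.cache_files):
            if path not in self.memory:
                self.memory[path] = self.disk[path][2]
                self.disk_reads += 1

    def scan(self, path):
        """S407-S409: returns (infected, source of the bytes that were scanned)."""
        data, info = self.memory.get(path), self.records.get(path)
        if data is not None and info and hashlib.sha256(data).hexdigest() == info.digest:
            return SIGNATURE in data, "memory"        # S409: hit
        self.memory.pop(path, None)                   # drop a copy that failed the hash check
        infected = self._scan_from_disk(path)         # S408: miss, read the disk
        self.cache_files.add(path)                    # combine its section into the reference
        self._compress()
        return infected, "disk"

if __name__ == "__main__":
    scanner = CachedScanner(SAMPLE_DISK, capacity_limit=120, type_thresholds={"zip": 10})
    print(scanner.full_scan(), scanner.reference_section())
    scanner.preload()
    for name in ("a.exe", "b.exe", "c.zip"):
        print(name, scanner.scan(name))
    print(scanner.reference_section(), "disk reads:", scanner.disk_reads)
```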

Abstract

A method for anti-virus scanning is described, including: when performing an anti-virus operation on at least one file in a disk, recording information of the at least one file and information of a disk section having a read/write operation during the anti-virus scan operation; analyzing the information of the at least one file and the information of the disk section having the read/write operation during the anti-virus scan operation, and obtaining a cache reference section; loading one or more files in the cache reference section into a memory, and reading the loaded one or more files in the memory to scan when receiving an anti-virus scan request. Further, a device for anti-virus scanning is also described. In the method and the device, the amount of disk read/write operations during the anti-virus scan can be decreased, and the efficiency of anti-virus scanning can be improved.

Description

    CROSS REFERENCE TO RELATED APPLICATIONS
  • The present application claims the benefit of priority to China Patent Application No. 201310008632.8, filed on Jan. 10, 2013, the contents of which are incorporated by reference herein in their entirety for all intended purposes.
  • FIELD OF THE TECHNOLOGY
  • The disclosure relates to the field of internet technology, and particularly to a method and a device for anti-virus scanning.
  • BACKGROUND
  • With the development and popularization of the internet, more and more users are starting to use it. However, not all environments and resources on the internet are secure. If a user terminal is infected by a virus, the infection may paralyze the terminal system or damage hardware, and may even leak the user's private information, threatening personal and property safety. Internet security is therefore of growing concern. A conventional anti-virus method includes two parts, static defense and dynamic defense, and these two parts are the cornerstones for confronting the spread of viruses. Of the two, static defense is the more fundamental technique in the anti-virus process, and some basic functions of dynamic defense also need to be provided and strengthened by static defense. Moreover, in static defense, the performance of the anti-virus engine is most important. There are several indices for measuring the performance of an anti-virus engine, such as virus detection rate, virus killing rate, and efficiency of anti-virus scanning, and the efficiency of anti-virus scanning is one of the critical ones. When performing an anti-virus scan, the anti-virus engine has to perform both disk read/write operations and calculations. In a conventional anti-virus engine, the disk read/write operation, as a key factor in the efficiency of anti-virus scanning, therefore becomes the bottleneck of engine performance.
  • In a conventional anti-virus method, a to-be-scanned file is cached into a memory and scanned there, which reduces the amount of disk read/write operations in subsequent anti-virus scans and thus improves the efficiency of anti-virus scanning. Due to the limited capacity of a memory, this method usually caches only virus files into the memory, while for the huge number of normal files on a user terminal there is no definite method to determine whether and which files need to be cached into the memory. Therefore, the conventional anti-virus method takes a long time, and the efficiency of anti-virus scanning is low.
  • SUMMARY
  • Exemplary embodiments of the present invention provide a method and a device for anti-virus scanning, which can reduce the amount of disk read/write operations during anti-virus scanning and improve the efficiency of anti-virus scanning.
  • One embodiment of the present invention provides a method for anti-virus scanning, comprising: when performing an anti-virus scan operation on at least one file in a disk, recording information of the at least one file and information of a disk section having a read/write operation during the anti-virus scan operation; analyzing the information of the at least one file and the information of the disk section having the read/write operation during the anti-virus scan operation, and obtaining a cache reference section; loading one or more files in the cache reference section into a memory, and reading the loaded one or more files in the memory to scan when receiving an anti-virus scan request.
  • Another embodiment of the present invention provides a device for anti-virus scanning, comprising: an anti-virus scanning unit, which is configured to perform an anti-virus scan operation on at least one file in a disk; a recording unit, which is configured to when performing an anti-virus scan operation on at least one file in a disk, record information of the at least one file and information of a disk section having a read/write operation during the anti-virus scan operation; a processing unit, which is configured to analyze the information of the at least one file and the information of the disk section having the read/write operation during the anti-virus scan operation and obtain a cache reference section; and a caching unit, which is configured to load one or more files in the cache reference section into a memory, and indicate the anti-virus scanning unit to read the loaded one or more files from the memory to scan when the anti-virus scanning unit receives an anti-virus scan request.
  • Exemplary embodiments of the present invention may have the following beneficial effects.
  • A cache reference section can be obtained by recording and analyzing information of at least one file and information of a disk section having a read/write operation during an anti-virus scan operation on the at least one file. So, when scanning next time, one or more files in the cache reference section can be pre-loaded into a memory. Thus, cache data can be identified, and the efficiency of anti-virus scanning can be improved. By classifying files to select proper cache files according to file popularity, a reading attribute of anti-virus engine, and unhitted cache data reported by a terminal, the range of cache reference section can be compressed, and the hit rate of cache files can be raised. Moreover, by judging whether the file capacity of cache reference section is appropriate so as to compress the cache reference section repeatedly, the memory storage pressure can be reduced, and the efficiency of anti-virus scanning can be increased without affecting the process performance. When a cache file is unhitted, the section corresponding to the unhitted cache file may be combined into the cache reference section. Therefore, the cache reference section can be further improved, and the hit rate of cache files can be enhanced.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • In order to illustrate the embodiments or existing technical solutions more clearly, a brief description of the drawings that assist the description of embodiments of the invention or the existing art is provided below. The drawings in the following description are only for some of the embodiments of the invention. A person having ordinary skill in the art will be able to obtain other drawings on the basis of these drawings without any creative work.
  • FIG. 1 is a flowchart of a method for anti-virus scanning according to one embodiment of the invention;
  • FIG. 2 is a flowchart of a method for anti-virus scanning according to another embodiment of the invention;
  • FIG. 3 is a flowchart of a method for anti-virus scanning according to yet another embodiment of the invention;
  • FIG. 4 is a flowchart of a method for anti-virus scanning according to yet another embodiment of the invention;
  • FIG. 5 is a structure diagram of a device for anti-virus scanning according to yet another embodiment of the invention;
  • FIG. 6 is a structure diagram of a device for anti-virus scanning according to yet another embodiment of the invention;
  • FIG. 7 is a structure diagram of a device for anti-virus scanning according to yet another embodiment of the invention;
  • FIG. 8 is a structure diagram of a device for anti-virus scanning according to yet another embodiment of the invention.
  • DETAILED DESCRIPTION OF ILLUSTRATED EMBODIMENTS
  • Technical solutions in embodiments of the present invention will be illustrated clearly and completely with the aid of the drawings in the embodiments of the invention. The illustrated embodiments are only some embodiments of the invention, not all of them. Other embodiments that a person having ordinary skill in the art obtains based on the illustrated embodiments of the invention without any creative work should all be within the protection scope sought by the present invention.
  • Referring to FIG. 1, it is a flowchart of a method for anti-virus scanning according to one embodiment of the invention. The method comprises the following steps.
  • Step S101 is: when performing an anti-virus scan operation on at least one file in a disk, recording information of the at least one file and information of a disk section having a read/write operation during the anti-virus scan operation.
  • Specifically, information of each of the at least one file comprises: a file type, and hash data of the file; wherein the file type is used to classify files and compile statistics on disk sections having read/write operations for files of the respective types; and the hash data of the file is used to check the correctness and integrity of the file.
  • The information of each of the at least one file can further comprise, but is not limited to, other file attributes, such as the version number, shelled or unshelled, compressed or uncompressed, etc.
  • Step S102 is: analyzing the information of the at least one file and the information of the disk section having the read/write operation, and obtaining a cache reference section.
  • Step S103 is: loading one or more files in the cache reference section into a memory, and reading the loaded one or more files in the memory to scan when receiving an anti-virus scan request.
  • By recording and analyzing information of the at least one file and information of disk section having a read/write operation during scanning the at least one file, a cache reference section is obtained. So, when scanning next time, the at least one file in the cache reference section can be pre-loaded into a memory. Thus, cache data can be identified, and the efficiency of anti-virus scanning can be improved.
  • Referring to FIG. 2, it is a flowchart of a method for anti-virus scanning according to another embodiment of the invention. The method comprises the following steps.
  • Step S201 is: recording, when performing an anti-virus scan operation on at least one file in a disk, information of the at least one file and information of a disk section having a read/write operation.
  • Step S202 is: classifying all files according to their file types.
  • Generally, for files of different types, the disk sections that have read/write operations are normally different. For example, the disk section having a read/write operation for a picture file apparently differs from the one for a compressed file. Performing the same operation on files of different types would affect the correctness of the subsequent analysis and calculations on the cache reference section.
  • Step S203 is: for files of different types, selecting cache files according to at least one of file popularity, a reading attribute of anti-virus engine, and unhitted cache data reported by a terminal.
  • Specifically, the file popularity is high when a file is frequently used, and the file popularity is low when a file is rarely used. For a file with high file popularity, its corresponding disk section having read/write operations usually needs to be preferentially considered, while a file with low file popularity may not need to be added into the cache. In particular, when there is a conflict between the disk section having a read/write operation of a high-popularity file and that of a low-popularity file, the high-popularity file should be admitted with priority. Generally, a popularity threshold may be preset to indicate the frequency of use of a file in a preset duration. When its file popularity reaches the popularity threshold, a file will be judged as a high-popularity file.
  • The reading attribute of an anti-virus engine may be the frequencies with which the anti-virus engine reads respective sections of the disk. For example, some anti-virus engines will frequently read a certain section in a disk, and thus the data in this section can be added into the cache reference section.
  • For the data not included in the cache reference section, its corresponding section can also be added into the cache reference section when reported by a terminal.
  • After screening by one or more of the screening criteria described above, a series of disk sections having read/write operations can be obtained.
  • Step S204 is: combining disk sections having read/write operations corresponding to the cache files to obtain the cache reference section.
  • Step S205 is: loading one or more files in the cache reference section into a memory, and reading the loaded one or more files in the memory to scan when receiving an anti-virus scan request.
  • By the analyzing method described above in one embodiment, disk sections having read/write operations corresponding to frequently used files can be obtained. A cache reference section obtained by combining these sections can have a relatively high hit rate. As a result, the efficiency of anti-virus scanning can be relatively improved while the storage pressure of memory can be decreased.
  • Referring to FIG. 3, it is a flowchart of a method for anti-virus scanning according to yet another embodiment of the invention. The method comprises the following steps.
  • Step S301 is: recording, when performing an anti-virus scan operation on at least one file in a disk, information of the at least one file and information of a disk section having a read/write operation.
  • Step S302 is: classifying all files according to their file types.
  • Step S303 is: for files with different types, selecting cache files according to at least one of file popularity, a reading attribute of anti-virus engine, and unhitted cache data reported by a terminal.
  • Step S304 is: combining disk sections having read/write operations corresponding to the cache files to obtain the cache reference section.
  • Step S305 is: judging whether a file capacity in the cache reference section exceeds a preset threshold.
  • Generally, the storage capacity of a memory is limited. If too many files are cached, the performance of processing unit would be decreased, and thus processing fluency of the anti-virus scanning would be influenced. Therefore, it is very important for efficiency control of anti-virus scanning to introduce reasonable judgment mechanism to control the size of cache reference section.
  • Step S306 is: performing an anti-virus scan operation on files in the cache reference section, recording information of the files and information of disk sections having read/write operations during the anti-virus scan operation, analyzing the information of the files and the information of the disk sections having the read/write operations during the anti-virus scan operation, until the file capacity in the cache reference section meets the requirement of the preset threshold.
  • Herein, a method for further compressing the cache reference section is provided. By performing continuous cycle of scanning, recording, and analyzing on the files in the cache reference section, a more appropriate cache reference section can be obtained, until the file capacity in the cache reference section meets the requirement of a preset threshold. In this way, the efficiency of anti-virus scanning can be improved without influencing the whole performance of system.
  • Step S307 is: loading one or more files in the cache reference section into a memory, and reading the loaded one or more files in the memory to scan when receiving an anti-virus scan request.
  • Referring to FIG. 4, it is a flowchart of a method for anti-virus scanning according to yet another embodiment of the invention. The method comprises the following steps.
  • Step S401 is: recording, when performing an anti-virus scan operation on at least one file in a disk, information of the at least one file and information of a disk section having a read/write operation.
  • Step S402 is: classifying all files according to their file types.
  • Step S403 is: for files with different types, selecting cache files according to at least one of file popularity, a reading attribute of anti-virus engine, and unhitted cache data reported by a terminal.
  • Step S404 is: combining disk sections having read/write operations corresponding to the cache files to obtain the cache reference section.
  • Step S405 is: judging whether a file capacity in the cache reference section exceeds a preset threshold.
  • Step S406 is: performing an anti-virus scan operation on files in the cache reference section, recording information of the files and information of disk sections having read/write operations during the anti-virus scan operation, analyzing the information of the files and the information of the disk sections having the read/write operations during the anti-virus scan operation, until the file capacity in the cache reference section meets the requirement of the preset threshold.
  • Step S407 is: loading one or more files in the cache reference section into the memory, and judging whether there exists a to-be-scanned file in the memory when receiving the anti-virus scan request.
  • Step S408 is: if the to-be-scanned file does not exist in the memory, reading the to-be-scanned file directly from the disk to scan, recording information of the to-be-scanned file and information of a disk section having a read/write operation during the scan on the to-be-scanned file, and combining the disk section having the read/write operation during the scan on the to-be-scanned file into the cache reference section.
  • The hit rate is greatly improved by the method described above; however, it still cannot be ruled out that unhitted files exist. Accordingly, the cache reference section can be further improved by judging whether the to-be-scanned file exists in the memory; if it does not, the to-be-scanned file is read directly from the disk and an anti-virus scan operation is performed on it, and meanwhile a parallel adding manner is introduced to combine the disk section having a read/write operation which corresponds to the unhitted file into the cache reference section. If the file capacity in the cache reference section exceeds the preset threshold, some rarely used files in the cache reference section may be deleted, using the file type, the file popularity, and the reading attribute of the anti-virus engine as references, so as to keep the section size appropriate.
  • Step S409 is: if the to-be-scanned file exists in the memory, reading it directly from the memory and performing an anti-virus scan operation.
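  • The following Python example is added here as an illustration and is not code from the patent: it walks the FIG. 2 to FIG. 4 flow (record, select cache files per file type by popularity, combine sections, compress to a capacity threshold, fall back to disk on a miss and merge the missed section). The byte-range model of a "disk section", the per-type thresholds, the drop-least-popular compression policy, the SHA-256 check on the cached copy and the sample disk contents are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample disk (assumption): path -> (byte offset, content).
DISK = {
    "app.exe":   (0,    b"MZ" + b"\x00" * 398),        # section (0, 400)
    "lib.dll":   (400,  b"MZ" + b"\x01" * 298),        # section (400, 700)
    "old.zip":   (2000, b"PK" + b"\x02" * 998),        # section (2000, 3000)
    "photo.jpg": (5000, b"\xff\xd8" + b"\x03" * 598),  # section (5000, 5600)
}


@dataclass(frozen=True)
class ScanRecord:
    path: str
    file_type: str    # used to classify files (S202)
    sha256: str       # hash data, checked against the cached copy
    popularity: int   # uses within the preset duration (assumed counter)
    section: tuple    # (start, end) byte range read by the scan, end exclusive


def record_scan(disk, path, file_type, popularity):
    """S101/S201: record file information and the disk section the scan read."""
    offset, data = disk[path]
    return ScanRecord(path, file_type, hashlib.sha256(data).hexdigest(),
                      popularity, (offset, offset + len(data)))


def merge_sections(sections):
    """S204: combine overlapping or adjacent disk sections."""
    merged = []
    for start, end in sorted(sections):
        if merged and start <= merged[-1][1]:
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    return [tuple(s) for s in merged]


def build_reference(records, thresholds, limit, default_threshold=10, engine_hot=()):
    """S202-S306: select cache files per type, combine, compress to the limit."""
    chosen = sorted(
        (r for r in records
         if r.popularity >= thresholds.get(r.file_type, default_threshold)),
        key=lambda r: r.popularity, reverse=True)
    while True:
        reference = merge_sections([r.section for r in chosen] + list(engine_hot))
        if sum(e - s for s, e in reference) <= limit or not chosen:
            return reference
        chosen.pop()  # assumed policy: drop the least popular file, re-analyse


def covered(section, reference):
    return any(s <= section[0] and section[1] <= e for s, e in reference)


class ScanCache:
    def __init__(self, disk, records, reference):
        self.disk = disk
        self.records = {r.path: r for r in records}
        self.reference = merge_sections(reference)
        self.memory = {}

    def preload(self):
        """S103: load every recorded file that lies in the reference section."""
        self.memory = {p: self.disk[p][1] for p, r in self.records.items()
                       if covered(r.section, self.reference)}
        return sorted(self.memory)

    def read_for_scan(self, path, file_type="unknown"):
        """S407-S409: memory on a verified hit, otherwise disk plus re-record."""
        data, prev = self.memory.get(path), self.records.get(path)
        if data is not None and hashlib.sha256(data).hexdigest() == prev.sha256:
            return data, "memory"
        # Miss, or cached bytes differ from the hash recorded at scan time (S408).
        rec = record_scan(self.disk, path,
                          prev.file_type if prev else file_type,
                          prev.popularity + 1 if prev else 1)
        self.records[path] = rec
        self.reference = merge_sections(self.reference + [rec.section])
        return self.disk[path][1], "disk"


def demo():
    records = [record_scan(DISK, "app.exe", "exe", 50),
               record_scan(DISK, "lib.dll", "exe", 30),
               record_scan(DISK, "old.zip", "zip", 12),
               record_scan(DISK, "photo.jpg", "jpg", 1)]
    reference = build_reference(records, {"exe": 10, "zip": 10}, limit=1000)
    cache = ScanCache(DISK, records, reference)
    loaded = cache.preload()
    hit = cache.read_for_scan("app.exe")[1]
    miss = cache.read_for_scan("photo.jpg")[1]
    return reference, loaded, hit, miss, cache.reference


if __name__ == "__main__":
    print(demo())
```

The hash comparison only detects a cached copy that differs from what was recorded at scan time; a file modified on disk after pre-loading still needs a separate change check before the in-memory copy is trusted for scanning.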
  • Referring to FIG. 5, it is a structure diagram of a device for anti-virus scanning according to yet another embodiment of the invention. The device comprises: an anti-virus scanning unit 100, a recording unit 200, a processing unit 300 and a caching unit 400.
  • The anti-virus scanning unit 100 is configured to perform an anti-virus scan operation on at least one file in a disk; the recording unit 200 is configured to record, when the anti-virus scanning unit 100 performs an anti-virus scan operation on at least one file in a disk, information of the at least one file and information of a disk section having a read/write operation during the anti-virus scan operation; the processing unit 300 is configured to analyze the information of the at least one file and the information of the disk section having the read/write operation and obtain a cache reference section; and the caching unit 400 is configured to load one or more files in the cache reference section into a memory, and read the loaded one or more files in the memory to scan when receiving an anti-virus scan request.
  • Referring to FIG. 6, it is a structure diagram of a device for anti-virus scanning according to yet another embodiment of the invention. The device comprises: an anti-virus scanning unit 100, a recording unit 200, a processing unit 300 and a caching unit 400.
  • The processing unit 300 comprises: a classifying sub-unit 310, a selecting sub-unit 320, a combining sub-unit 330.
  • The classifying sub-unit 310 is configured to classify all files according to their file types; the selecting sub-unit 320 is configured to, for files with different types, select cache files according to at least one of file popularity, a reading attribute of anti-virus engine, and unhitted cache data reported by a terminal; the combining sub-unit 330 is configured to combine disk sections having read/write operations corresponding to the cache files to obtain a cache reference section, wherein the file popularity is high if the file is frequently used, and the file popularity is low if the file is rarely used. The reading attribute of anti-virus engine may be frequencies of the anti-virus engine reading respective sections of the disk.
  • Referring to FIG. 7, it is a structure diagram of a device for anti-virus scanning according to yet another embodiment of the invention. The device comprises: an anti-virus scanning unit 100, a recording unit 200, a processing unit 300, a caching unit 400 and a first judging unit 500.
  • The first judging unit 500 is configured to judge whether a file capacity in the cache reference section exceeds a preset threshold, after the combining sub-unit 330 combines disk sections having read/write operations corresponding to the cache files to obtain a cache reference section. If the file capacity exceeds the preset threshold, then it indicates the anti-virus scanning unit 100 to perform an anti-virus scan operation on at least one file in the cache reference section, indicates the recording unit 200 to record information of the at least one file and information of a disk section having a read/write operation during an anti-virus scan operation on the at least one file, and indicates the processing unit 300 to analyze the information of the at least one file and the information of the disk section having the read/write operation during an anti-virus scan operation on the at least one file, until the file capacity in the cache reference section meets the requirement of the preset threshold.
  • Referring to FIG. 8, it is a structure diagram of a device for anti-virus scanning according to yet another embodiment of the invention. The device comprises: an anti-virus scanning unit 100, a recording unit 200, a processing unit 300, a caching unit 400, a first judging unit 500, and a second judging unit 600.
  • The second judging unit 600 is configured to load one or more files in the cache reference section into the memory, and judge whether there exists a to-be-scanned file in the memory when the anti-virus scanning unit 100 receives an anti-virus scan request. If there exists no to-be-scanned file, then it indicates the anti-virus scanning unit 100 to directly read the to-be-scanned file from a disk to scan, indicates the recording unit 200 to record information of the to-be-scanned file and information of a disk section having a read/write operation during the scan on the to-be-scanned file, and indicates the processing unit 300 to combine the disk section having the read/write operation during the scan on the to-be-scanned file into the cache reference section.
  • It should be noted that various embodiments herein may be described in a progressive manner. One embodiment may be described by emphasizing its differences from other embodiments. For things that are similar or the same between one embodiment and another embodiment, one may refer to the other embodiment. Exemplary embodiments of the device may be described briefly here since they are similar to the exemplary embodiments of the methods; for related matters, one may refer to the illustrations in the exemplary embodiments of the methods.
  • Based on the above description of embodiments, exemplary embodiments of the present invention may have the following benefits.
  • A cache reference section is obtained by recording and analyzing information of at least one file and information of a disk section having a read/write operation during an anti-virus scan operation on the at least one file. So, when scanning next time, the at least one file in the cache reference section can be pre-loaded into a memory. Thus, cache data can be identified, and the efficiency of anti-virus scanning can be improved. By classifying the files to select proper cache files according to file popularity, a reading attribute of anti-virus engine, and unhitted cache data reported by a terminal, the range of cache reference section can be compressed, and the hit rate of cache files can be raised. Moreover, by judging whether the file capacity of cache reference section is appropriate so as to compress the cache reference section repeatedly, the memory storage pressure can be reduced, and the efficiency of anti-virus scanning can be increased without affecting the process performance. When a cache file is unhitted, the section corresponding to the unhitted cache file may be combined into the cache reference section. Therefore, the cache reference section can be further improved, and the hit rate of cache files can be enhanced.
  • A person having ordinary skill in the art can realize that part or all of the processes in the methods according to the above embodiments may be implemented by a computer program instructing relevant hardware. The program may be stored in a computer readable storage medium. When executed, the program may execute processes in the above-mentioned embodiments of methods. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), etc.
  • The above descriptions are some exemplary embodiments of the invention, and should not be regarded as limitation to the scope of related claims. A person having ordinary skills in a relevant technical field will be able to make improvements and modifications within the spirit of the principle of the invention. The improvements and modifications should also be incorporated in the scope of the claims attached below.

Claims (16)

1. A method for anti-virus scanning, comprising:
recording, when performing an anti-virus scan operation on at least one file in a disk, information of the at least one file and information of a disk section having a read/write operation during the anti-virus scan operation;
analyzing the information of the at least one file and the information of the disk section having the read/write operation, and obtaining a cache reference section;
loading one or more files in the cache reference section into a memory, and reading the loaded one or more files in the memory to scan when receiving an anti-virus scan request.
2. The method of claim 1, wherein information of each of the at least one file comprises:
a file type, and a hash data of the file, wherein:
the file type is used to classify files and perform statistic on disk sections having read/write operations for files of respective types; and
the hash data of the file is used to check correction and integration of the file.
3. The method of claim 2, wherein analyzing the information of the at least one file and the information of the disk section having the read/write operation during the anti-virus scan operation, and obtaining a cache reference section, comprises:
classifying all files according to their file types;
for files with different types, selecting cache files according to at least one of file popularity, a reading attribute of anti-virus engine, and unhitted cache data reported by a terminal; and
combining disk sections having read/write operations corresponding to the cache files to obtain the cache reference section,
wherein, the file popularity is high when the file is frequently used, and the file popularity is low when the file is rarely used; and the reading attribute of anti-virus engine is frequencies of an anti-virus engine reading respective sections of the disk.
4. The method of claim 3, after combining the disk sections having the read/write operations corresponding to the cache files to obtain the cache reference section, further comprising:
judging whether a file capacity in the cache reference section exceeds a preset threshold; and
if the file capacity exceeds the preset threshold, performing an anti-virus scan operation on files in the cache reference section, recording information of the files and information of disk sections having read/write operations during the anti-virus scan operation, analyzing the information of the files and the information of the disk sections having the read/write operations during the anti-virus scan operation, until the file capacity in the cache reference section meets the requirement of the preset threshold.
5. The method of claim 1, wherein the step of loading one or more files in the cache reference section into a memory and reading the loaded one or more files in the memory to scan when receiving the anti-virus scan request, comprises:
loading one or more files in the cache reference section into the memory, and judging whether there exists a to-be-scanned file in the memory when receiving the anti-virus scan request; and
if there exists no to-be-scanned file, reading the to-be-scanned file directly from the disk to scan, recording information of the to-be-scanned file and information of a disk section having a read/write operation during the scan on the to-be-scanned file, and combining the disk section having the read/write operation during the scan on the to-be-scanned file into the cache reference section.
6. A device for anti-virus scanning, comprising:
an anti-virus scanning unit, configured to perform an anti-virus scan operation on at least one file in a disk;
a recording unit, configured to record, when performing an anti-virus scan operation on at least one file in a disk, information of the at least one file and information of a disk section having a read/write operation during the anti-virus scan operation;
a processing unit, configured to analyze the information of the at least one file and the information of the disk section having the read/write operation and obtain a cache reference section;
a caching unit, configured to load one or more files in the cache reference section into a memory, and indicate the anti-virus scanning unit to read the loaded one or more files from the memory to scan when the anti-virus scanning unit receives an anti-virus scan request.
7. The device of claim 6, wherein information of each of the at least one file comprises:
a file type, and a hash data of the file, wherein:
the file type is used to classify files and perform statistic on disk sections having read/write operations for files of respective types; and
the hash data of the file is used to check correction and integration of the file.
8. The device of claim 7, wherein the processing unit comprises:
a classifying sub-unit, configured to classify all files according to their file types;
a selecting sub-unit, configured to, for files with different types, select cache files according to at least one of file popularity, a reading attribute of anti-virus engine, and unhitted cache data reported by a terminal;
a combining sub-unit, configured to combine disk sections having read/write operations corresponding to the cache files to obtain a cache reference section,
wherein, the file popularity is high when the file is frequently used, and the file popularity is low when the file is rarely used; and the reading attribute of anti-virus engine is frequencies of an anti-virus engine reading respective sections of a disk.
9. The device of claim 8, further comprising:
a first judging unit, configured to judge whether a file capacity in the cache reference section exceeds a preset threshold after the combining sub-unit combines disk sections having read/write operations corresponding to cache files to obtain a cache reference section, wherein
the first judging unit further configured to, if the file capacity exceeds the preset threshold, indicate the anti-virus scanning unit to perform an anti-virus scan operation on files in the cache reference section, indicate the recording unit to record information of the files and information of disk sections having a read/write operation during an anti-virus scan operation on the files, and indicate the processing unit to analyze the information of the files and the information of the disk sections having the read/write operation during an anti-virus scan operation on the files until the file capacity in the cache reference section meets the requirement of the preset threshold.
10. The device of claim 6, further comprising:
a second judging unit configured to load one or more files in the cache reference section into the memory, and judge whether there exists a to-be-scanned file in the memory when the anti-virus scanning unit receives an anti-virus scan request, wherein
the second judging unit further configured to, if there exists no to-be-scanned file, indicate the anti-virus scanning unit to directly read the to-be-scanned file from a disk to scan, indicate the recording unit to record information of the to-be-scanned file and information of a disk section having a read/write operation during the scan on the to-be-scanned file, and indicate the processing unit to combine the disk section having the read/write operation during the scan on the to-be-scanned file into the cache reference section.
11. The method of claim 2, wherein the step of loading one or more files in the cache reference section into a memory and reading the loaded one or more files in the memory to scan when receiving the anti-virus scan request, comprises:
loading one or more files in the cache reference section into the memory, and judging whether there exists a to-be-scanned file in the memory when receiving the anti-virus scan request; and
if there exists no to-be-scanned file, reading the to-be-scanned file directly from the disk to scan, recording information of the to-be-scanned file and information of a disk section having a read/write operation during the scan on the to-be-scanned file, and combining the disk section having the read/write operation during the scan on the to-be-scanned file into the cache reference section.
12. The method of claim 3, wherein the step of loading one or more files in the cache reference section into a memory and reading the loaded one or more files in the memory to scan when receiving the anti-virus scan request, comprises:
loading one or more files in the cache reference section into the memory, and judging whether there exists a to-be-scanned file in the memory when receiving the anti-virus scan request; and
if there exists no to-be-scanned file, reading the to-be-scanned file directly from the disk to scan, recording information of the to-be-scanned file and information of a disk section having a read/write operation during the scan on the to-be-scanned file, and combining the disk section having the read/write operation during the scan on the to-be-scanned file into the cache reference section.
13. The method of claim 4, wherein the step of loading one or more files in the cache reference section into a memory and reading the loaded one or more files in the memory to scan when receiving the anti-virus scan request, comprises:
loading one or more files in the cache reference section into the memory, and judging whether there exists a to-be-scanned file in the memory when receiving the anti-virus scan request; and
if there exists no to-be-scanned file, reading the to-be-scanned file directly from the disk to scan, recording information of the to-be-scanned file and information of a disk section having a read/write operation during the scan on the to-be-scanned file, and combining the disk section having the read/write operation during the scan on the to-be-scanned file into the cache reference section.
14. The device of claim 7, further comprising:
a second judging unit configured to load one or more files in the cache reference section into the memory, and judge whether there exists a to-be-scanned file in the memory when the anti-virus scanning unit receives an anti-virus scan request, wherein
the second judging unit further configured to, if there exists no to-be-scanned file, indicate the anti-virus scanning unit to directly read the to-be-scanned file from a disk to scan, indicate the recording unit to record information of the to-be-scanned file and information of a disk section having a read/write operation during the scan on the to-be-scanned file, and indicate the processing unit to combine the disk section having the read/write operation during the scan on the to-be-scanned file into the cache reference section.
15. The device of claim 8, further comprising:
a second judging unit configured to load one or more files in the cache reference section into the memory, and judge whether there exists a to-be-scanned file in the memory when the anti-virus scanning unit receives an anti-virus scan request, wherein the second judging unit further configured to, if there exists no to-be-scanned file, indicate the anti-virus scanning unit to directly read the to-be-scanned file from a disk to scan, indicate the recording unit to record information of the to-be-scanned file and information of a disk section having a read/write operation during the scan on the to-be-scanned file, and indicate the processing unit to combine the disk section having the read/write operation during the scan on the to-be-scanned file into the cache reference section.
16. The device of claim 9, further comprising:
a second judging unit configured to load one or more files in the cache reference section into the memory, and judge whether there exists a to-be-scanned file in the memory when the anti-virus scanning unit receives an anti-virus scan request, wherein the second judging unit further configured to, if there exists no to-be-scanned file, indicate the anti-virus scanning unit to directly read the to-be-scanned file from a disk to scan, indicate the recording unit to record information of the to-be-scanned file and information of a disk section having a read/write operation during the scan on the to-be-scanned file, and indicate the processing unit to combine the disk section having the read/write operation during the scan on the to-be-scanned file into the cache reference section.
US14/419,275 2013-01-10 2013-11-14 Method and device for anti-virus scanning Active US9325736B2 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201310008632.8A CN103927479B (en) 2013-01-10 One looks into viricidal method and device
CN201310008632 2013-01-10
CN201310008632.8 2013-01-10
PCT/CN2013/087166 WO2014107991A1 (en) 2013-01-10 2013-11-14 Method and device for anti-virus scanning

Publications (2)

Publication Number Publication Date
US20150207807A1 (en) 2015-07-23
US9325736B2 (en) 2016-04-26

Family

ID=51145697

Family Applications (1)

Application Number Title Priority Date Filing Date
US14/419,275 Active US9325736B2 (en) 2013-01-10 2013-11-14 Method and device for anti-virus scanning

Country Status (3)

Country Link
US (1) US9325736B2 (en)
HK (1) HK1199966A1 (en)
WO (1) WO2014107991A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11218164B2 (en) 2019-06-25 2022-01-04 Silicon Motion, Inc. Data storage device and non-volatile memory control method
US11314586B2 (en) 2019-06-17 2022-04-26 Silicon Motion, Inc. Data storage device and non-volatile memory control method
US11392489B2 (en) * 2019-06-17 2022-07-19 Silicon Motion, Inc. Data storage device and non-volatile memory control method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060185016A1 (en) * 2005-02-17 2006-08-17 Sitze Richard A System, computer program product and method of selecting sectors of a hard disk on which to perform a virus scan
US7591019B1 (en) * 2009-04-01 2009-09-15 Kaspersky Lab, Zao Method and system for optimization of anti-virus scan
US20130055396A1 (en) * 2007-09-28 2013-02-28 Microsoft Corporation Securing anti-virus software with virtualization
US8856927B1 (en) * 2003-07-22 2014-10-07 Acronis International Gmbh System and method for using snapshots for rootkit detection

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1282083C (en) * 2001-09-14 2006-10-25 北京瑞星科技股份有限公司 Computer memory virus monitoring method and method for operation with virus
CN102737187B (en) * 2012-06-26 2014-09-24 腾讯科技(深圳)有限公司 Antivirus method and client equipment

Also Published As

Publication number Publication date
CN103927479A (en) 2014-07-16
US9325736B2 (en) 2016-04-26
WO2014107991A1 (en) 2014-07-17
HK1199966A1 (en) 2015-07-24

Legal Events

Date Code Title Description
AS Assignment

Owner name: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED, CHI

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GUO, YIBIN;REEL/FRAME:034873/0894

Effective date: 20141108

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8